SMTP beyond initial configuration

Posted on 2012-08-30
Medium Priority
Last Modified: 2012-08-31
I am currently setting up an SMTP server on out windows server 2008 in a DMZ workgroup and I want to add basic SMTP authentication to it. I can see in the IIS 6 manager where I can enable basic authentication but where do I setup the usernames and passwords for it? Any advice on how to set up security? How do I keep my SMTP server from being blocked by spam filters?
Question by:bdpcpa
  • 3
  • 2
LVL 41

Expert Comment

ID: 38351756
I'm not clear on what you're trying to accomplish here.  Are you just trying to set up the SMTP server so that it can relay email from programs on this machine or others in your DMZ to another specific email server?  Or trying to set it up so that various users can send email to anywhere, and if so why?  Are you sending out for a specific domain?  I may be able to provide some more specific advice when I understand better.

In general, to keep from being blocked by spam filters:
 - don't send out spam
 - have your DNS records in order.  For a sending server, this means having a PTR record for the IP you're sending from, and for the name in the PTR record have an A record that points back to the same IP.
 - check blacklists to make sure your IP isn't already on any blacklists for whatever reason

Author Comment

ID: 38351893
Currently the email provider we use has to many security restriction enabled for simple web forms and server/event logs to email up with updates. We deal a lot with HIPAA information so we have requested all the security. We have a few internal websites and servers that we would like to be able to send email to us that won’t contain any special information. We set up the SMTP server just for those devices. I have restricted access to it by ipaddress but I would like a little more security just to be safe. The Lead admin does not want to use a 3rd parties SMTP server like Google or what not so he wants me to set up an SMTP server.
LVL 41

Accepted Solution

footech earned 2000 total points
ID: 38352771
So you're just wanting to restrict what can relay through the SMTP server?  ...and you have a 3rd Party email provider?  Do already have the relay working?  Are you wanting to be able to send to any domain from this server?  What I'm trying to work out is exactly where the SMTP server will relay to, and from where, and when it needs use authentication.

This page provides some good guidance on setting up restrictions:
Use the Access tab to configure the inbound restrictions, and use the Delivery tab > Outbound Security if you want to set up authentication between the SMTP server and your email provider.  Typically I just restrict by IP.  I think this is more secure than requiring basic authentication (unless you use TLS).  I would rely more on your firewall to restrict what SMTP traffic gets to the SMTP server than I would on the restrictions set up in the SMTP server itself.

If you've already got all the relays working the way you want, but  what you're looking to do is specify which users will be allowed as valid credentials, I'm pretty certain this is not possible with the basic SMTP server role of Windows Server.  Any user which can authenticate would work.

Author Comment

ID: 38354029
I will restrict by ip address and use the firewall to stop smtp request from outside of my network.

Author Closing Comment

ID: 38354035
Thanks for the help

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
We aren’t perfect, just like everyone else.  Check out the email errors our community caught and learn the top errors every email marketer should avoid.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses
Course of the Month13 days, 12 hours left to enroll

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question